oidc authn: add issuer registration testing (#31296)

tests/test_auth_oidc.py

@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 import datetime
+import os
 import pytest
 import json
 import time
@@ -18,7 +19,7 @@ from django.utils.six.moves.urllib import parse as urlparse
 from django_rbac.utils import get_ou_model
 
 from authentic2_auth_oidc.utils import (base64url_decode, parse_id_token, IDToken, get_providers,
-                                        has_providers)
+                                        has_providers, register_issuer)
 from authentic2_auth_oidc.models import OIDCProvider, OIDCClaimMapping
 from authentic2.models import AttributeValue
 from authentic2.utils import timestamp_from_datetime, last_authentication_event
@@ -439,3 +440,28 @@ def test_strategy_find_uuid(app, caplog, code, oidc_provider, oidc_provider_jwks
         with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, nonce=nonce):
             response = response.click(href='logout')
     assert 'https://idp.example.com/logout' in response.content
+
+
+def test_register_issuer(db, app, caplog, oidc_provider_jwkset):
+    config_dir = os.path.dirname(__file__)
+    config_file = os.path.join(config_dir, 'openid_configuration.json')
+    with open(config_file) as f:
+        oidc_conf = json.load(f)
+    jwks_uri = urlparse.urlparse(oidc_conf['jwks_uri'])
+
+    @urlmatch(netloc=jwks_uri.netloc, path=jwks_uri.path)
+    def jwks_mock(url, request):
+        return oidc_provider_jwkset.export()
+
+    with HTTMock(jwks_mock):
+        provider = register_issuer(
+                name='test_issuer',
+                issuer='https://default.issuer',
+                openid_configuration=oidc_conf)
+
+    oidc_conf['id_token_signing_alg_values_supported'] = ['HS256']
+    with HTTMock(jwks_mock):
+        provider = register_issuer(
+                name='test_issuer_hmac_only',
+                issuer='https://hmac_only.issuer',
+                openid_configuration=oidc_conf)